Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ttraff.cc/wix?keyword=theoretical+and+experimental+probability+worksheet+7th+grade+answers

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static.usrfiles.com/ugd/b8c837_43d352a308e04bdf91c55196a9063abb.pdf
  • https://static.usrfiles.com/ugd/0cd3a8_71902e3e3eb64c1183d2d624b783c1b0.pdf
  • https://static.usrfiles.com/ugd/4e6dd5_d0dec5ba4c0d4dc6a33bb23263336673.pdf
  • https://static.usrfiles.com/ugd/1cc7e8_7d7d646b3b8e40d0af18206617df889d.pdf
  • https://static.usrfiles.com/ugd/726ec9_7a249a8a56ef44a7996e46e277610169.pdf
  • https://static.usrfiles.com/ugd/d9d1f5_2467a92a23ca4be894d341de1b00a7c2.pdf
  • https://static.usrfiles.com/ugd/b8c837_c0490332ced44525988ae3e4ed2cb481.pdf
  • https://static.usrfiles.com/ugd/ddb60a_64a5b41bb03b47f48aeb7b4fe4e4cad9.pdf
  • https://static.usrfiles.com/ugd/b8c837_87d4afba8bcf4aff8f54b9396dfdaab7.pdf
  • https://static.usrfiles.com/ugd/63d3ad_7ea31e813cc148989b7e507cd8876c7c.pdf
  • https://static.usrfiles.com/ugd/87d215_0d8a19ff12b94eaba6c6277154cc370d.pdf
  • https://static.usrfiles.com/ugd/8ba634_f0a15bd712c142a1819077b673daa124.pdf
  • https://static.usrfiles.com/ugd/9cfd0a_1d65bb0415a94df9b851e9688cb9959b.pdf
  • https://static.usrfiles.com/ugd/b8c837_4db56a3895fa4965a81bf66695c320eb.pdf
  • https://static.usrfiles.com/ugd/b8c837_30fd54937558457bb69c065553ce4808.pdf
  • https://static.usrfiles.com/ugd/b8c837_9e4e2a1d621446939847d2da4ef603dc.pdf
  • https://static.usrfiles.com/ugd/79e5df_bbcd3cfd10634d579c1ee6fcfdefa258.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.